That’s been changing for me lately. All of a sudden YouTube is throwing me curve-balls and it’s great.
Even if you’re poking at a black box and are reporting that “it acts funny when I poke it this way.” In my opinion, a reporter should send along a script or at least explicit instructions on how to repro.
I take the report more seriously since it demonstrates you have an understanding of the issue or exploit. It will also save my time and it’s likely a trivial effort for the reporter since they’ve the context and knowledge of the issue loaded up and ready to go.
Agree that people like to fluff the severity of bugs they report. It’s better for prestige and bounty payouts. But this is a little more nuanced.
“While I didn’t really intend the module to be used for any security related checks, I’m very curious how an untrusted input could end up being passed into ip.isPrivate or ip.isPublic [functions] and then used for verifying where the network connection came from.”
It’s interesting, that it would be hard to make a case that there was a “vulnerability” in the ip package. But it seems like this package’s entire purpose is input validation so it’s kind of weird the dev thinks otherwise.
Recurring incidents like these raise the question, how does one strike a balance? Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of whom are volunteers, exhausted from triaging noise.
The researchers need to provide proofs of concept. Actual functional exploits.
Title is confusing. OpenAI is using News Corp content to train their models. NC isn’t using the model to write articles. Still a garbage in garbage out scenario though.
Can we do this for all sweatshop labor?
Don’t think anyone thinks a hobbyist would be buying this thing.
That might be what I believed when I first started but it’s so far from the truth…
For me it was mostly interesting to hear about their techniques and how they dealt with the earthquakes. Never really thought landslides would be such an issue.
Long but worth it.
May as well just get pneumatic tubes at this point.
Often you don’t even need more property. Just utilize existing rail systems. So much unused or barely used rail in this country.
Companies have been doing this since time immemorial. I guess because it’s TikTok influencers it’s easier to rage about?
Every time I formulated a response in the article the author came to the same conclusion. However, somehow the headline is anti-AI rather than addressing the unrealistic expectations of management…
I’d rather spend my decompression time browsing Lemmy and reading articles with terrible conclusions than doing bullshit work.
Are you suggesting it’s never ethical to kill? Nothing is black and white, especially when it comes to ethics.
It’s up to $100m. No shot those bids are legit.
EDIT: Looks like they cleaned up the fraudulent bids. Down to $15k which seems much more… possible.
Oh lawd they comin
It’s okay. We need to move some shit off GH anyway. They’re basically a monopoly on FLOSS code.
Legibility wasn’t the issue, but I appreciate your transcript anyway.
I feel called out